Private sector government contractors may soon be subjected to new rules for managing sensitive federal information.
The National Institute of Standards and Technology (NIST) recently published draft requirements for federal and nonfederal groups with access to “controlled unclassified information” — a subset of confidential information that, while not classified, must still be protected. The Commerce Department agency is accepting public comments on the draft until May 12, 2015.
These requirements are meant to supplement rules under the Federal Information Security Management Act, which governs how federal agencies (and contractors, on their behalf) manage their own data in their own information systems, according to NIST fellow Ron Ross.
The new guidance aims to cover situations not explicitly mentioned in FISMA — for instance, when state and local governments, colleges and universities, or private organizations happen to receive federal CUI data through a contract or an agreement.
Keep reading this article at: http://www.nextgov.com/big-data/2015/04/nist-refining-rules-non-federal-groups-handling-federal-data/109399
